Name: W95/Babylonia
Aliases:
Type: Memory resident, polymorphic virus, worm, and trojan
Description:
W95/Babylonia is believed to have first been discovered on an Internet newsgroup. The file, serialz.hlp, was advertised as containing serial numbers of commercial software. The virus is unique in both its complexity and its abilities. Infection occurs under Windows 95 only, and the virus incorporates worm and backdoor trojan capabilities. Executing infected HLP files actually provides the mechanism to build the viral code into a Win32 executable.
In a similar fashion to Happy99, W95/Babylonia affects WSOCK32.DLL. If an infected user logs onto mIRC, all other members of the same chat room will be sent the infection, apparently disguised as a Y2K fix. In addition, the virus attempts to send e-mail to a Hotmail account, believed to be for the purpose of allowing the virus authors to track the virus. W95/Babylonia also attaches an infected executable, X-MAS.EXE, to all otherwise legitimate e-mail. If the recipient executes the attachment, they will in turn be infected. The executed attachment displays two erroneous dialogs:
Loader Error
API not found!

Loader Error
Windows __ required!
This program will be terminated
The blank names whichever operating system is not running: under Windows 95 the dialog claims that Windows NT is required, and under Windows NT it claims that Windows 95 is required. However, if the operating system is Windows NT, the infection will not occur.
W95/Babylonia remains resident as a VxD, intercepting file access commands, including FileOpen. This allows the virus to intercept control and bypass some anti-virus software.
W95/Babylonia also creates a completely separate trojan, C:\Babylonia.exe. The trojan then attempts every 60 seconds to contact a hacker's site in Japan. Once connected, Babylonia.exe downloads vecna/virus.txt, which contains a list of additional files. Essentially, the trojan then downloads and processes each of the additional files. This particular routine allows the virus creator(s) to perform various tasks, including updating the virus and installing remote access tools.
Detection:
Command AntiVirus 4.58 will detect W95/Babylonia with Deffiles dated 12/9/99.
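The 60-second contact attempts and the vecna/virus.txt download described above also leave a pattern in web proxy logs. The following is an added example, not part of the original description or of Command AntiVirus: it reports every client that requested that path and marks the ones doing so at roughly 60-second intervals. The log format, the host name update-host.example, the jitter tolerance and the minimum hit count are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: "<ISO timestamp> <client IP> <method> <URL>" (assumed format).
SAMPLE_LOG = """\
1999-12-09T10:00:00 10.0.0.5 GET http://update-host.example/vecna/virus.txt
1999-12-09T10:00:20 10.0.0.7 GET http://intranet.example/index.html
1999-12-09T10:01:01 10.0.0.5 GET http://update-host.example/vecna/virus.txt
1999-12-09T10:01:30 10.0.0.9 GET http://update-host.example/VECNA/virus.txt
this line is malformed
1999-12-09T10:02:00 10.0.0.5 GET http://update-host.example/vecna/virus.txt
1999-12-09T10:02:59 10.0.0.5 GET http://update-host.example/vecna/virus.txt
"""

BEACON_PATH = "/vecna/virus.txt"  # file list path named in the description
PERIOD = 60      # seconds between contact attempts, per the description
TOLERANCE = 5    # assumed allowance for timing jitter, in seconds
MIN_HITS = 3     # assumed minimum requests before calling a client periodic


def find_beacons(log_text):
    """Return {client: {"hits": n, "periodic": bool}} for requests to BEACON_PATH."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, client, _method, url = line.split()
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # blank or malformed line: wrong field count or bad timestamp
        if url.lower().endswith(BEACON_PATH):
            hits[client].append(when)

    report = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Median gap tolerates one delayed or missing request in the series.
        periodic = len(times) >= MIN_HITS and abs(median(gaps) - PERIOD) <= TOLERANCE
        report[client] = {"hits": len(times), "periodic": periodic}
    return report


if __name__ == "__main__":
    for client, info in sorted(find_beacons(SAMPLE_LOG).items()):
        print(client, info)
```

A single request for the path is already worth investigating on the host; the periodic flag separates a machine running the resident trojan from a one-off fetch.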